Refactor/max length encoding

[loks0n]

No description provided.

[greptile-apps]

Greptile Summary

This PR replaces the two-pass encode/truncation design (build full packet, then re-encode with encodeWithTruncation) with a single-pass approach: answers are appended one at a time with an inline size guard, authority and additional are tried all-or-nothing, and a header-rebuild path at the end patches counts, TC, and AA only when something was actually dropped. The three issues raised in previous review threads — TC=1 being silently cleared on re-encode, pre-encoded-but-discarded records on the size-check boundary, and the SOA validation firing on truncated inbound messages — are all addressed and backed by new tests.

Confidence Score: 5/5

Safe to merge — logic is correct, edge cases are well-covered by the new tests, and all three previously flagged concerns are resolved.

No P0 or P1 findings. The single-pass approach is cleaner and more efficient than the original two-pass design. TC preservation, AA clearing for NODATA/NXDOMAIN authority drops, and the SOA-validation TC bypass are all implemented correctly and covered by dedicated tests.

No files require special attention.

Important Files Changed

Filename	Overview
src/DNS/Message.php	Refactors encode() to inline truncation logic: answers loop with per-record size check, all-or-nothing authority/additional blocks, and a header-rebuild path that preserves inbound TC=1 and clears AA on NODATA/NXDOMAIN when authority is dropped. Also adds !$header->truncated guard to SOA validation.
tests/unit/DNS/MessageTest.php	Adds eight new test cases covering NODATA AA-clearing, authority-overflow cascading to additional, exact-boundary encoding, TC=1 preservation under maxSize re-encoding, extreme answer truncation AA survival, and NODATA authority drop without TC. All three previously flagged scenarios now have explicit tests.

_{Reviews (4): Last reviewed commit: "Preserve inbound TC=1 flag when re-encod..." | Re-trigger Greptile}